Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

JeffRees
New Contributor

AV Scan on SMB traffic

Hi All,

I am experiencing issue with the above on Forti OS v5.2.5.

I have enabled AV and IPS scanning of SMB traffic via the Cli, whilst also applying this to a AV and IPS profile, that is applied to a specific rule for smb traffic between source and destination.

In trying to pass the EICAR file through the device over an SMB share, the device recognizes the file and says it is blocked, the file is copied from source to destination but is unable to be opened at the destination. Although if the end device is a Linux based device the file can be opened.

I am looking for some assistance in clarifying the operation of the AV / IPS filter. I am Unable to post any configurations as the system is on a closed network.

The device appears to say the file is blocked although the file still turns up at the destination.

0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.